Suspicious TeamViewer behaviour

ilyes23i Posts: 1
edited August 2022 in General questions


Our EDR flagged an installer for TeamViewer as malicious behavior. The analysis of the signature shows attempts to disable Windows Defender, plus PowerShell Remove-Item with -Path to delete a file or a folder with "-Recurse".

The hashes of the files are:

  • TeamViewer.exe : f8b8e01d2835da62b3cd87101bc9beb303bbd11b0ecdfc698c219993b583ec4b
  • Dropped Files :
      • tv_x64.exe : 2b4ccb84f2a6099eb36b8a2852ed5e21f6dc1ad2ef90d247854dd27fbde51fa8
      • tv_w32.exe : 6949d6126063ce9f4de49b8ec8f7ab262307c913e6fac751722575c57e91177e

We want to know if these files are legitimate and come from TeamViewer and, if that is the case, why there is such behavior. Please, this is an emergency situation; we are waiting for the response.